POMP++: Facilitating Postmortem Program Diagnosis with Value-set Analysis

Mu, Dongliang; Du, Yunlan; Xu, Jiachao; Xu, Jun; Xing, Xinyu; Mao, Bing; Liu, Peng

doi:10.1109/tse.2019.2939528

Cited by 5 publications

(4 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Experimental results show that out of 31 tested bugs, the causes of 29 bugs were accurately identified. Mu et al implemented POMP++ based on POMP [51]. Before conducting reverse analysis, POMP++ enhanced bias analysis by incorporating value-set analysis (VSA) and hypothesis verification, allowing for the recovery of more detailed data flow and increasing the efficiency of bug-cause identification.…”

Section: Methods Based On Context Comparisonmentioning

confidence: 99%

A Survey on Bug Deduplication and Triage Methods from Multiple Points of View

Qian,

Zhang,

Nie

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

To address the issue of insufficient testing caused by the continuous reduction of software development cycles, many organizations maintain bug repositories and bug tracking systems to ensure real-time updates of bugs. However, each day, a large number of bugs is discovered and sent to the repository, which imposes a heavy workload on bug fixers. Therefore, effective bug deduplication and triage are of great significance in software development. This paper provides a comprehensive investigation and survey of the recent developments in bug deduplication and triage. The study begins by outlining the roadmap of the existing literature, including the research trends, mathematical models, methods, and commonly used datasets in recent years. Subsequently, the paper summarizes the general process of the methods from two perspectives—runtime information-based and bug report-based perspectives—and provides a detailed overview of the methodologies employed in relevant works. Finally, this paper presents a detailed comparison of the experimental results of various works in terms of usage methods, datasets, accuracy, recall rate, and F1 score. Drawing on key findings, such as the need to improve the accuracy of runtime information collection and refine the description information in bug reports, we propose several potential future research directions in the field, such as stack trace enrichment and the combination of new NLP models.

show abstract

Section: Methods Based On Context Comparisonmentioning

confidence: 99%

A Survey on Bug Deduplication and Triage Methods from Multiple Points of View

Qian,

Zhang,

Nie

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…These include Domain Generation Algorithms (DGA) analysis [17], patterns recognition for command and control sequences [18], analysis of Domain Name Systems (DNS) patterns for hosting malware [19], among others. However, memory dumping analysis stands out as the most promising [8] due to it enables the examination of postmortem scenarios, offering insights into the malware's primary features and behaviors after it has completed its entire attack sequence [3], [11].…”

Section: A Motivationmentioning

confidence: 99%

“…For instance, the number of handlers opened by the operative system on request of the process, the number of opened sockets for communication to remote sites; and the number of mutex and semaphores used are attributes that can help to detect obfuscated privacy malware categories and even its family sub-classification. The contributions presented by Lashkari et al [10] and Mu et al [11] detail a complete guide for this procedure.…”

Section: Introductionmentioning

confidence: 99%

Obfuscated Privacy Malware Classifiers Based on Memory Dumping Analysis

Cevallos-Salas,

Grijalva,

Estrada-Jiménez

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Malware targeting user privacy has seen a surge in recent times, attributed to evolving global regulations and the boost of electronic commerce and online services. Moreover, recognizing privacy malware that employs obfuscation as evasion mechanism presents a major challenge due to its dynamics, resilience, and polymorphism at runtime, necessitating the application of forensic techniques such as memory dumping analysis in order to reveal suitable patterns and behaviors that enable its subsequent detection and classification. In this paper, we present three obfuscated privacy malware classifiers trained on the CIC-MalMem-2022 dataset. These solutions include a binary classifier to distinguish benign from malicious samples using logistic regression (LR), a multiclass classifier that further categorizes benign, spyware, ransomware, and trojan horse obfuscated privacy malware; and a more detailed multiclass classifier capable of discriminating benign samples from fifteen specific obfuscated privacy malware families. Multiclass classifiers were built using several traditional machine learning algorithms and a novel Deep Neural Network (DNN). We applied the Synthetic Minority Oversampling Technique (SMOTE) to address data imbalances. In particular, our results demonstrate that DNN outperforms traditional machine learning algorithms, yielding statistically significant improvements in key metrics. These achievements reach practical thresholds, suggesting the potential for enhanced malware protection systems. The dataset and all the coding files required for experiments reproducibility are publicly available at https://github.com/dcevallossalas/PrivacyMalwareClassifiers.

show abstract

“…Xu et al [58] proposed to improve root cause analysis when a core dump contains corrupted data (e.g., due to memory corruption vulnerabilities). Xu et al [59] later proposed an approach (and extensions [36]) that uses the Intel processor trace feature and a core dump to perform offline binary analysis to recover instructions that lead to a crash. Subsequently, Cui et al [11] suggested a refinement wherein the accuracy of the recovered data flow is improved.…”

Section: Related Workmentioning

confidence: 99%